Questions about ASA firepower captured file storage for AMP

west33637 · ‎08-15-2015

I have a Sourcefire implementation with FMC 5.4.1 and an ASA 5506-x running firepower 5.4.1. I have configured a file policy to inspect all files and have an access control rule that does cloud malware lookups, including sphero and dynamic lookups for unknown files.

In my file policy, I checked the option to store unknown files. However, when doing an analysis of files that come back with an unknown disposition, I am unable to download the files. Instead the link is greyed out, and I get a message stating ‘ File not stored, cannot download’.

Is this a limitation on the ASA 5506-x? Can I not store files on it? Thanks!!

On a side note, for files that are stored on the Firepower sensor hard drive. How long are they stored before they get deleted? Or are they just sored till they fill up the hard drive? How do you delete the captured files off the SSD drive?

Marvin Rhoads · ‎08-15-2015

I can't find the reference to confirm' but I seem to remember that is a limitation of the appliances that use local storage only and not an external FireSIGHT Management Center.

Re you side note, I'm not sure.

dney · ‎10-30-2015

I have a simliar configuration and wondering the same thing. Hopefully someone can chime in.

r.mikes · ‎04-06-2016

Hi,

any resolution on that. I have the same problem on the similar setup.